Nudge: Intermediaries' Role in Interdependent Network Security

By employing an interdependent security game-theoretic framework, the authors study how individual Internet Service Providers can coordinate the investment decisions of end users to improve the security and trustworthiness of the overall system. They discuss two different forms of intervention: rebates in combination with penalties (pay for outcome) and cost-subsidies (pay for effort). Unlike earlier worms and viruses that inflicted substantial and immediately noticeable harm on users' network experience and data security, nowadays most malicious software covers its tracks and avoids activities impacting hosts' performance.